[lug] hosts.deny syntax

dan radom dradom at redback.com
Tue Jun 19 16:17:34 MDT 2001


The syntax you're looking for is ALL : 192.168.0.0/255.255.255.0 or ALL : 10.0.0.0/255.255.0.0

taken from man hosts.deny...

An expression of the form `n.n.n.n/m.m.m.m´ is interpreted as a
`net/mask´ pair. A host address is matched if `net´ is equal to the
bitwise AND of the address and the `mask´. For example, the net/mask
pattern `131.155.72.0/255.255.254.0´ matches every address in the range
`131.155.72.0´ through `131.155.73.255´.
...

dan

* D. Stimits (stimits at idcomm.com) wrote:
> I'm trying to clean up some /etc/hosts.deny items for a relatively new
> RH 7.1 install. There are a few trouble domains I want completely
> blocked (ipchains already does this, but I want xinetd to also ignore
> them through its tcpwrappers mechanism). Basically, I want something
> like this for a /16 domain:
> ALL: 123.456.
> 
> Or this for a /24:
> ALL: 123.456.789.
> 
> But this is not doing what I want, and for example, web browsers can
> still get out and receive a reply from those domains. So is it mandatory
> to add a service or daemon name as well? E.G., must I do something like:
> in.httpd: ALL: 123.456.
> 
> ?
> 
> D. Stimits, stimits at idcomm.com
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
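
The net/mask rule quoted from the man page above, worked through in Python as an added example (not part of the original post and not tcp_wrappers code). The function names are hypothetical and the test addresses are constructed; it covers only the net/mask form and the trailing-dot prefix form seen in this thread.

```python
import ipaddress

def _ip(text):
    """Dotted-quad IPv4 string -> 32-bit integer (ValueError if malformed)."""
    return int(ipaddress.IPv4Address(text))

def client_matches(pattern, address):
    """Return True if a hosts.deny client pattern matches an IPv4 address.

    Handles only the two forms discussed in this thread:
      net/mask   e.g. 131.155.72.0/255.255.254.0
      prefix.    e.g. 192.168.   (a string ending in a dot)
    """
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        # Man page rule: match if net == (address AND mask).
        return _ip(net) == (_ip(address) & _ip(mask))
    if pattern.endswith("."):
        # The trailing dot keeps the comparison aligned on whole fields,
        # so "192.16." does not match 192.168.x.x.
        return address.startswith(pattern)
    return pattern == address

def matched_range(pattern):
    """First and last address covered by a net/mask pattern.

    Returns None when the net has bits set outside the mask: the AND
    clears those bits, so the comparison can never succeed and the
    line silently matches nothing. Assumes a contiguous mask.
    """
    net, mask = (_ip(p) for p in pattern.split("/", 1))
    host_bits = ~mask & 0xFFFFFFFF
    if net & host_bits:
        return None
    first = ipaddress.IPv4Address(net)
    last = ipaddress.IPv4Address(net | host_bits)
    return str(first), str(last)

if __name__ == "__main__":
    # The man page's own example, then a constructed mistake (host bits set).
    for pat in ("131.155.72.0/255.255.254.0", "192.168.0.1/255.255.255.0"):
        print(pat, "->", matched_range(pat))
```

A pattern whose range comes back as None is worth catching when reviewing a hosts.deny file, since it looks like a block but denies no one.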


